Russia and Iran have both undertaken cyber influence operations headed into the 2024 presidential election. In our last report, published on August 8, we detailed how Iranian cyber-enabled influence operations sought to undermine the Republican campaign through targeted hack-and-leak operations, covert social media personas, and imposter US news sites. In the past two months, Microsoft has observed a notable shift in Russian influence operations tactics reflecting the changing U.S. political environment. Specifically, we have observed Russia pivot towards targeting the Harris-Walz campaign, with actors disseminating fabricated videos designed to sow discord and spread disinformation about the new Democratic nominee Vice President Harris.
We discuss this activity in a new report by the Microsoft Threat Analysis Center (MTAC) released today. This update follows other reports we have released around activity by actors advancing the geopolitical goals of Iran and China.
The shift to focusing on the Harris-Walz campaign reflects a strategic move by Russian actors aimed at exploiting any perceived vulnerabilities in the new candidates. Initially, Russian influence operations struggled to evolve their efforts following President Biden’s departure from the 2024 US presidential race. However, in late August and September, we observed two Russian actors MTAC tracks closely — previously reported as Storm-1516 and Storm-1679 — using videos designed to discredit Harris and stoke controversy around her campaign. Specifically:
- Storm-1516, identified by news reports as a Kremlin-aligned troll farm, produced and disseminated two inauthentic videos, each generating millions of views. One video depicted an attack by alleged Harris supporters on a supposed Trump rally attendee, while another used an on-screen actor to fabricate false claims about Harris’s involvement in a hit-and-run accident. This second video was laundered through a website masquerading as a local San Francisco media outlet — which was only created days beforehand.
- Storm-1679, a newer group reportedly aligned with the Kremlin, pivoted its focus from producing content about the 2024 Paris Olympic Games to publishing false videos discrediting Vice President Harris. One of the videos, which was shared on X shortly after it was published to Telegram, depicted a fake New York City billboard advancing false claims about Harris’ policies. The X post received more than 100,000 views in the four hours after it was published on Telegram.
As we inch closer to the election, we should expect Russian actors to continue to use cyber proxies and hacktivist groups to amplify their messages through media websites and social channels geared to spread divisive political content, staged videos, and AI-enhanced propaganda. The actions taken by the US government on September 4 mark an important and impactful step to protect against foreign influence targeting the upcoming US presidential election, and Microsoft suspended more than 20 active Microsoft email accounts created by the now sanctioned government-funded communications agency ANO Dialog. However, we have also observed actors attempting to create new infrastructure, with one threat actor already having moved media outlets from seized websites to new ones.
Russia and Iran are not the only nation-states using influence operations to influence the election. A Chinese-linked influence actor Microsoft tracks as Storm-1852 successfully pivoted to short-form video content that criticizes the Biden administration and Harris campaign before some of its assets disappeared from social media following reports of its activity. While most Storm-1852 personas masquerade as conservative US voters voting for Trump, a handful of accounts also create anti-Trump content and use political slogans and hashtags associated with American progressive politics.
Collectively, these three nation states — Iran, China and Russia — demonstrate the complexities of foreign interference that the US faces, and the need for the public to remain vigilant against these evolving threats. MTAC will continue to monitor this activity, and provide updates so voters, government institutions, candidates, parties, and others can be aware of influence campaigns and more resilient against foreign interference in democratic processes. As we’ve said before, our goal in releasing these reports is to promote education and protect institutions from any form of foreign interference. Microsoft will not endorse a candidate or political party.